postfix 收信 ok


参考:

https://qizhanming.com/blog/2019/08/10/how-to-config-email-server-with-postfix-dovecot-and-mariadb-on-centos-7
注意:
不加密时可以不用修改 postfix/master.cf。但这样 SMTP 认证(PLAIN/LOGIN)的账号密码会以明文在网络上传输,只适合内网测试;对外提供服务前应为 Postfix 和 Dovecot 配置 TLS。
centos 7.9
yum update

cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1   mail.youdun.cn
#::1         sBrhqL1057078

postfix

# Install, enable and start the mail stack (Postfix, Dovecot, MariaDB) on CentOS 7.
# "yourhostname" is a placeholder for the server's FQDN.
hostnamectl set-hostname yourhostname

# NOTE(review): removes the existing /etc/my.cnf; the page gives no reason for
# this — confirm it is intended before running.
rm /etc/my.cnf
yum update -y
yum install postfix dovecot mariadb-server dovecot-mysql  mailx -y
systemctl enable mariadb
systemctl enable postfix
systemctl enable dovecot

# NOTE(review): the page does not show mysql_secure_installation; run it after
# MariaDB starts so the root account gets a password and the anonymous user and
# test database are removed.
systemctl start mariadb
systemctl start postfix
systemctl start dovecot
# NOTE(review): stopping firewalld exposes every listening port on the host
# (MariaDB included if it listens on a public address). Prefer keeping it
# running and allowing only the mail services actually needed, e.g.
# `firewall-cmd --permanent --add-service=smtp` (plus the IMAP/POP3 services in
# use) followed by `firewall-cmd --reload`.
systemctl stop firewalld
# The next four lines repeat the start sequence above (dovecot is restarted
# rather than started).
systemctl start mariadb
systemctl start postfix
systemctl restart dovecot
systemctl stop firewalld

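-- Schema and sample data for the virtual mail setup: domains, mailboxes and
-- aliases. Run these statements as a MariaDB administrative user.

CREATE DATABASE mailserver;

-- 'mailuserpass' is a sample credential that is repeated in the Postfix and
-- Dovecot configuration files on this page. Replace it everywhere with a long
-- random value before the server is reachable by anyone else.
create user mailuser@'localhost' identified by 'mailuserpass';

-- Least privilege: the Postfix lookup maps and the Dovecot password_query on
-- this page only issue SELECT, so the service account gets read-only access
-- instead of ALL PRIVILEGES. Mailboxes are managed with the administrative
-- account used for the INSERT statements below.
grant select on mailserver.* to mailuser@'localhost';
flush privileges;
use mailserver;

-- One row per mail domain hosted on this server.
CREATE TABLE `virtual_domains` (
`id`  INT NOT NULL AUTO_INCREMENT,
`name` VARCHAR(50) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


-- One row per mailbox. VARCHAR(106) is exactly the length of a SHA512-CRYPT
-- hash without a {SCHEME} prefix.
CREATE TABLE `virtual_users` (
`id` INT NOT NULL AUTO_INCREMENT,
`domain_id` INT NOT NULL,
`password` VARCHAR(106) NOT NULL,
`email` VARCHAR(120) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `email` (`email`),
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- Address rewrites: mail for `source` is delivered to `destination`.
CREATE TABLE `virtual_aliases` (
`id` INT NOT NULL AUTO_INCREMENT,
`domain_id` INT NOT NULL,
`source` varchar(100) NOT NULL,
`destination` varchar(100) NOT NULL,
PRIMARY KEY (`id`),
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


INSERT INTO `virtual_domains`(`id` ,`name`)VALUES(1, 'youdun.cn');

-- NOTE(review): the mailbox passwords below are stored in cleartext ('123456'),
-- matching default_pass_scheme = PLAIN in dovecot-sql.conf.ext. Anyone who can
-- read this table or a backup of it obtains every mailbox password. For real
-- accounts store a salted hash (e.g. the output of
-- `doveadm pw -s SHA512-CRYPT`, without the {SCHEME} prefix so it fits the
-- column) and set default_pass_scheme = SHA512-CRYPT to match.
INSERT INTO `virtual_users`( `domain_id`, `password` , `email`)VALUES( 1, '123456', 'test2@youdun.cn');

INSERT INTO `virtual_users`( `domain_id`, `password` , `email`)VALUES( 1, '123456', 'test1@youdun.cn');

INSERT INTO `virtual_aliases`(`domain_id`, `source`, `destination`)VALUES( '1', 'test2@youdun.cn', 'test1@youdun.cn');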

==============================================================================


postconf -n

注意这儿,否则有权限问题
# Create the mail store and the dedicated vmail account (uid/gid 5000) that
# owns it; Dovecot's static userdb on this page delivers as uid=vmail gid=vmail.
mkdir -p /var/mail/vhosts/youdun.cn
groupadd -g 5000 vmail
# NOTE(review): no shell is specified, so vmail gets the distribution default;
# consider adding `-s /sbin/nologin` since nobody needs to log in as this user.
useradd -g vmail -u 5000 vmail -d /var/mail

chown -R vmail:vmail /var/mail
# Strip access for "other" from the Dovecot configuration. This is recursive
# over the files that exist now; files written later with `cat > ...`
# (for example dovecot-sql.conf.ext, which holds the database password) are
# created with the current umask and need the same treatment afterwards.
# NOTE(review): the owner is vmail, the same account the auth-worker and mail
# processes run as on this page, so those processes can modify the
# configuration. Root ownership with group read would be tighter — verify
# Dovecot still starts before changing it.
chown -R vmail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot

ls -ld /var/mail


ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem


postconf -n


-alias_database = hash:/etc/aliases
-alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
-command_directory = /usr/sbin
-config_directory = /etc/postfix
-daemon_directory = /usr/libexec/postfix
-data_directory = /var/lib/postfix
-debug_peer_level = 2
-debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
-html_directory = no
-inet_interfaces = all
-inet_protocols = all
-mail_owner = postfix
-mailq_path = /usr/bin/mailq.postfix
-manpage_directory = /usr/share/man
mydestination =
-mydomain = example.com
-myhostname = mail.example.com
-myorigin = $mydomain
-newaliases_path = /usr/bin/newaliases.postfix
-queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
relayhost =
-sample_directory = /usr/share/doc/postfix-2.10.1/samples
-sendmail_path = /usr/sbin/sendmail.postfix
-setgid_group = postdrop
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
-unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf, mysql:/etc/postfix/mysql-virtual-email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp


# Settings added to or changed in /etc/postfix/main.cf for virtual mailboxes
# with Dovecot SASL. The trailing "//改" marks are the author's "changed"
# annotations, not part of the values: main.cf has no inline comment syntax,
# so they must not be copied into the real file.
broken_sasl_auth_clients = yes
readme_directory = no    //改
recipient_delimiter = +
mydestination =  //改
relayhost =  //改
# Relaying is limited to mynetworks and authenticated clients;
# reject_unauth_destination at the end is what keeps this from being an open
# relay, so it must stay in the list.
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# NOTE(review): no smtpd_tls_* settings appear in this listing, so AUTH is
# offered on unencrypted SMTP sessions and PLAIN/LOGIN credentials cross the
# network merely base64-encoded. noanonymous below does not forbid plaintext
# mechanisms. For anything beyond a lab, configure smtpd_tls_cert_file and
# smtpd_tls_key_file, set smtpd_tls_security_level = may, and set
# smtpd_tls_auth_only = yes so AUTH is only announced after STARTTLS.
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
# Socket that the "service auth" unix_listener in Dovecot's 10-master.conf
# creates for Postfix.
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot

# Domain, mailbox and alias lookups go to MariaDB through the mysql-virtual-*.cf
# files; accepted mail is handed to Dovecot over the LMTP unix socket.
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf, mysql:/etc/postfix/mysql-virtual-email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp


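# Write the four Postfix MySQL lookup tables referenced from main.cf.
# Each file carries the database password, so access is restricted to root and
# the postfix group once the files exist (a plain `cat >` creates them with the
# current umask, typically world-readable).
# The heredoc delimiter is quoted so the shell never expands anything inside
# the file bodies.
# %s is the lookup key; Postfix applies SQL quoting to it before substitution,
# so the quotes around '%s' in each query must be kept.

# Does Postfix accept mail for this domain?
cat >/etc/postfix/mysql-virtual-mailbox-domains.cf<< 'EOF'
user = mailuser
password = mailuserpass
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_domains WHERE name='%s'
EOF

# Does this mailbox exist?
cat >/etc/postfix/mysql-virtual-mailbox-maps.cf<< 'EOF'
user = mailuser
password = mailuserpass
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_users WHERE email='%s'
EOF

# Alias source -> destination.
cat >/etc/postfix/mysql-virtual-alias-maps.cf<< 'EOF'
user = mailuser
password = mailuserpass
hosts = 127.0.0.1
dbname = mailserver
query = SELECT destination FROM virtual_aliases WHERE source='%s'
EOF

# Identity mapping for existing mailboxes.
cat >/etc/postfix/mysql-virtual-email2email.cf<< 'EOF'
user = mailuser
password = mailuserpass
hosts = 127.0.0.1
dbname = mailserver
query = SELECT email FROM virtual_users WHERE email='%s'
EOF

# Keep the database credential away from unprivileged local users.
chown root:postfix /etc/postfix/mysql-virtual-*.cf
chmod 640 /etc/postfix/mysql-virtual-*.cf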


使用 postmap 命令测试访问 virtual_domains 表,返回 1 表示成功

postmap -q youdun.cn mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
postmap -q test1@youdun.cn mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
postmap -q test1@youdun.cn mysql:/etc/postfix/mysql-virtual-email2email.cf
postmap -q test2@youdun.cn mysql:/etc/postfix/mysql-virtual-alias-maps.cf


cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.orig
cp /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.orig
cp /etc/dovecot/conf.d/auth-sql.conf.ext /etc/dovecot/conf.d/auth-sql.conf.ext.orig
cp /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.orig
cp /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.orig

mkdir -p /var/mail/vhosts/youdun.cn


vi /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
listen = *
vi /etc/dovecot/conf.d/10-mail.conf
...
mail_location = maildir:/var/mail/vhosts/%d/%n
...
mail_privileged_group = mail
...

# Excerpt of the settings touched in 10-auth.conf; "..." stands for lines left
# unchanged.
vi /etc/dovecot/conf.d/10-auth.conf
...
# NOTE(review): "no" permits PLAIN/LOGIN authentication on connections that are
# not protected by TLS, so passwords can be captured on the wire. The
# `dovecot -n` output further down still shows ssl = required, which should
# refuse authentication before TLS for non-local clients; if ssl is relaxed to
# match the "no encryption" note at the top of the page, this line is what
# lets cleartext logins through. Keep the default (yes) outside a test network.
disable_plaintext_auth = no  不强制明文
auth_mechanisms = plain login
...
# NOTE(review): auth-system.conf.ext is left included, and the `dovecot -n`
# output further down accordingly lists passdb pam and userdb passwd next to
# the SQL passdb. Local system accounts can therefore authenticate to the mail
# services as well; comment this include out if only the virtual users in
# MariaDB should be able to log in.
!include auth-system.conf.ext
...
!include auth-sql.conf.ext

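# Dovecot SQL passdb settings: how to reach MariaDB and how to look up a
# user's password. The heredoc delimiter is quoted so the shell leaves the
# file body untouched.
# NOTE(review): default_pass_scheme = PLAIN means the password column holds
# cleartext passwords, as the sample INSERTs on this page do. For real accounts
# store salted hashes (e.g. generated with `doveadm pw -s SHA512-CRYPT`) and
# set default_pass_scheme to the matching scheme.
cat >/etc/dovecot/dovecot-sql.conf.ext<< 'EOF'
driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=mailuser password=mailuserpass
default_pass_scheme = PLAIN
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
EOF
# This file is created after the recursive chown/chmod of /etc/dovecot earlier
# on the page, so it would otherwise keep the default (typically
# world-readable) mode while containing the database password. Apply the same
# ownership and mode as the rest of the directory.
chown vmail:dovecot /etc/dovecot/dovecot-sql.conf.ext
chmod o-rwx /etc/dovecot/dovecot-sql.conf.ext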

cat >/etc/dovecot/conf.d/15-mailboxes.conf<< EOF
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Sent {
    auto = create
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    special_use = \Junk
  }
  mailbox Trash {
    auto = create
    special_use = \Trash
  }
  prefix =
}
EOF
cat >/etc/dovecot/conf.d/auth-sql.conf.ext<< EOF
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}
EOF
cat >/etc/dovecot/conf.d/10-master.conf<< EOF
#default_process_limit = 100
#default_client_limit = 1000

# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
#default_vsz_limit = 256M

# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull

# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot

service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }

  # Number of connections to handle before starting a new process. Typically
  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
  # is faster. <doc/wiki/LoginProcess.txt>
  #service_count = 1

  # Number of processes to always keep waiting for more connections.
  #process_min_avail = 0

  # If you set service_count=0, you probably need to grow this.
  #vsz_limit = $default_vsz_limit
}

service pop3-login {
  inet_listener pop3 {
    #port = 110
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
  }
}

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    #mode = 0666i
    mode = 0600
    user = postfix
    group = postfix
  }
  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port = 
  #}
}

service imap {
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = $default_vsz_limit

  # Max. number of IMAP processes (connections)
  #process_limit = 1024
}

service pop3 {
  # Max. number of POP3 processes (connections)
  #process_limit = 1024
}

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }

  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  # Postfix smtp-auth
  #unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
  #}

  # Auth process is run as this user.
  user = dovecot 
}

service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  user = vmail
}

service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    #mode = 0600
    #user = 
    #group = 
  }
}
EOF


dovecot -n

# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-1160.119.1.el7.x86_64 x86_64 CentOS Linux release 7.9.2009 (Core) xfs
# Hostname: mail.youdun.cn
auth_mechanisms = plain login
first_valid_uid = 1000
listen = *
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Sent {
    auto = create
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    special_use = \Junk
  }
  mailbox Trash {
    auto = create
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key =  # hidden, use -P to show it
userdb {
  driver = passwd
}
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}


 
